On Thu, 9 Dec 2004 12:07:18 -0600 (CST), Mike Miller <mbmiller at taxa.epi.umn.edu> wrote: > On Wed, Dec 08, 2004 at 10:15:23PM -0600, Ken Fuchs wrote: > > > You forgot: > > > > 6) Disable remote root login. > > 7) Disable sudo. > > 8) There are more, but I've said enough already. :) > > How does sudo hurt security? Is it because it can allow a user to become > root without a password? That does seem like a bad idea for several > reasons that I will not go into. My question: Is it possible to > configure sudo so that a password is always required? That would be my > preferred way of using it. It would be best for me if different users > could have different passwords for accessing root permissions. Does sudo > allow that? > > Mike Yes, sudo allows use of a person needing to supply their password each time (actually I think it's within 5 minutes or the like) it is used. Also, you can setup different groups with different levels authority. You can specify what you want them to run (most secure/safe), or specify what they can't run (least secure/safe). Do some googling, you'll find lots of examples. Also, read the various sudo documentation and sudoers example file. One thing to keep in mind is that if you block what they can't do, you have to ensure that your pathing is correct. Otherwise, it gives them wide open access. Also, if you allow them "sudo bash" or other shells, you have just given them root access without having to know root's password. -- -Shawn -Nemo me impune lacessit. Ne Obliviscaris.. _______________________________________________ TCLUG Mailing List - Minneapolis/St. Paul, Minnesota Help beta test TCLUG's potential new home: http://plone.mn-linux.org Got pictures for TCLUG? Beta test http://plone.mn-linux.org/gallery tclug-list at mn-linux.org https://mailman.real-time.com/mailman/listinfo/tclug-list